Create SECURITY.md #41

	name: Release

	permissions:
	contents: read

	on:
	workflow_dispatch:
	push:
	branches:
	- main
	- next
	- alpha
	- beta

	jobs:
	release:
	permissions:
	contents: write # to be able to publish a GitHub release
	issues: write # to be able to comment on released issues
	pull-requests: write # to be able to comment on released pull requests
	id-token: write # to enable use of OIDC for npm provenance
	runs-on: ubuntu-latest
	steps:
	- uses: actions/checkout@v3
	with:
	fetch-depth: 0
	# run before Set node , otherwise show Unable to locate executable file: pnpm error
	- name: Install pnpm
	uses: pnpm/action-setup@v2

	- name: Set node
	uses: actions/setup-node@v3
	with:
	node-version: 18
	cache: pnpm
	registry-url: 'https://registry.npmjs.org'

	- name: Install Dependencies
	run: pnpm i

	- name: Build
	run: pnpm run build
	- name: Test
	run: pnpm run test
	- uses: codecov/codecov-action@v3
	- name: Release
	run: npx semantic-release
	env:
	GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
	NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
	# https://github.com/semantic-release/semantic-release/issues/2313
	# continue-on-error: true

	# - name: Publish to NPM
	# run: pnpm publish --access public --no-git-checks
	# env:
	# NODE_AUTH_TOKEN: ${{secrets.NPM_TOKEN}}
	# NPM_CONFIG_PROVENANCE: true

Provide feedback